package com.decent.common.xss;

import com.decent.common.config.DecentSystemConfig;
import lombok.extern.slf4j.Slf4j;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;

/**
 * xss攻击过滤器
 *
 * @author wangyx
 */
@Slf4j
public class XssFilter implements Filter {
    /**
     * 高级别xss防御开关，NORMAL：开启；其他：关闭；
     */
    private final DecentSystemConfig.XssConfig.XssLevelEnum xssProtectLevel;

    public XssFilter(DecentSystemConfig.XssConfig.XssLevelEnum xssProtectLevel) {
        this.xssProtectLevel = xssProtectLevel;
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        Filter.super.init(filterConfig);
    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        DecentHttpServletRequestWrapper wrapper = new DecentHttpServletRequestWrapper(request, xssProtectLevel);
        filterChain.doFilter(wrapper, servletResponse);
    }

    @Override
    public void destroy() {
        Filter.super.destroy();
    }
}
